Skip to Main content Skip to Navigation
Conference papers

What if Adversarial Samples were Digital Images?

Abstract : Although adversarial sampling is a trendy topic in computer vision , very few works consider the integral constraint: The result of the attack is a digital image whose pixel values are integers. This is not an issue at first sight since applying a rounding after forging an adversarial sample trivially does the job. Yet, this paper shows theoretically and experimentally that this operation has a big impact. The adversarial perturbations are fragile signals whose quantization destroys its ability to delude an image classifier. This paper presents a new quantization mechanism which preserves the adversariality of the perturbation. Its application outcomes to a new look at the lessons learnt in adversarial sampling.
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Patrick Bas <>
Submitted on : Wednesday, May 13, 2020 - 12:28:05 PM
Last modification on : Monday, January 18, 2021 - 6:00:02 PM


Files produced by the author(s)



Benoît Bonnet, Teddy Furon, Patrick Bas. What if Adversarial Samples were Digital Images?. IH&MMSEC 2020 - 8th ACM Workshop on Information Hiding and Multimedia Security, Jun 2020, Denver, France. pp.1-11, ⟨10.1145/3369412.3395062⟩. ⟨hal-02553006v2⟩



Record views


Files downloads